<?php
	
session_start();
include "../conf/config.php";

$db = mysql_connect($host, $user_select, $mdp_select);
$db_selected = mysql_select_db('website', $db);
$login = $_POST['username'];
$password = md5($_POST['password']);

if ($login == "" || $_POST['password'] == "") {
	$_SESSION['user']['message'] = "Il faut saisir son login et son mot de passe";
} else if (!$db) {
	$_SESSION['user']['message'] = "Erreur interne (désolé :/)";
} else {
	$login = mysql_real_escape_string($login);
	$password = mysql_real_escape_string($password);

	$query = sprintf("SELECT * FROM user WHERE login = '%s' AND mypassword = '%s';", $login, $password);

	$result = mysql_query($query);

	if (1 === mysql_num_rows($result)) {

		$_SESSION['user'] = mysql_fetch_assoc($result);
	}
	else {
		$_SESSION['user']['message'] = "Mauvais login/mot de passe.";
	}
}

$location = 'index.php';

header('Location: ' . $location);
?>